Hi,   That  is from netconf specification https://datatracker.ietf.org/doc/html/rfc6241#section-4.1   The <rpc> element has a mandatory attribute "message-id", which is a string chosen by the sender of the RPC that will commonly encode a monotonically increasing integer.     ... View more

Hi,   That is something how manage your connection decided to apply to your installation.   Therefore, or you call them to see what can be done in your case, or you are requestion our help to overcome something the administrator wants to impose to you.   Best Regards, Filipe ... View more

Hi,   I do not know if I understood your question correctly, but I can share what I know.   If you have a cluster, you can not start upgrading all the nodes at same time, because when you start an upgrade process in a cluster, it will upgrade a node each time. If you do that (all at same time) you will stop serving your customers somewhere in time while the nodes reboot and start the upgrade process. The only way I know to do that, is destroy the cluster, upgrade all the nodes at the same time, them, recreate the cluster.   One action you can speed up, is the availability of the package in all nodes prior to the update. To do that, you can use the staging area. https://docs.pulsesecure.net/WebHelp/PPS/5.4R3/Content/PPS_Admin_Guide_5.4R3/Downloading_and_Uploading.htm   Best Regards, ... View more

Hi,   I do not know how to easly delete all stuff... deleting the connection always leaves some identifiers from PCS.   What I've to my users, was to make available the PulsePreconfig, and then ask to apply it manually   jamCommand -importfile VPN.config   This will delete all previous configuration and apply the new configurations as new installation. ... View more

[email protected] objective is to have the wsam connection pre configured in PDC as VPN connections, and not only when the user push the Pulse Secure button in user web interface. ... View more

Hi @xqno    That is just a gtk module which can be installed with apt install libcanberra-gtk-module but that is a GTK theme and can be ignored.   Probably you miss this from README file Launch UI from the terminal: 1) Append /usr/local/pulse to LD_LIBRARY_PATH example: export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/pulse 2) Launch the UI by executing the below command /usr/local/pulse/pulseUi It is better to lauch Pulse Secure via Activity Manager in Gnome.   ... View more

Hi all,   Version 9.1R8.2 (fresh install) works fine in RHEL8, but out of the box do not work with CentOS8, because after some digging, I've found in the ConfigurePulse_x86_64.sh script, was changed to support RHEL but not CentOS. I've done a quick experiment removing /etc/centos-release file and reinstall the rpm and it work without problems.   Cumprimentos, Filipe ... View more

Hi,   With that behavior and if you have some Cisco software i bet in KB40351   If not, in KB40347, there are more possible solutions for that kind of problems.   In Device Manager, you must use the option to show hidden devices.   Best Regards, ... View more

Hi [email protected]    In the latest PDC 9.1R8.2 is reported to be solved: PRS-392320 RHEL 8 has deprecated many libraries that are required by libwebkitgtk, which is used by Pulse Client. Do you know what this mean? I've tried with a CentOs 8 and it didn't work [[email protected] pulse]$ lsb_release -a LSB Version: :core-4.1-amd64:core-4.1-noarch Distributor ID: CentOS Description: CentOS Linux release 8.2.2004 (Core) Release: 8.2.2004 Codename: Core [[email protected] pulse]$ ./pulseUi ./pulseUi: error while loading shared libraries: libwebkitgtk-1.0.so.0: cannot open shared object file: No such file or directory Best Regards, ... View more

Hi @amjad.ra2    You can create an expression to be used during the role mapping. We are using this one, associated with a stop rule in the begin of the role mapping. Explanation: user of LDAP group block_0030_0800, and time between 00:30 to 08:00   groups=('block_0030_0800') and time = (00:30 TO 08:00) If you what at 11PM the VPN Session be disconnected, you must Enable dynamic policy evaluation at realm level.   I hope it helps.   Best Regards, ... View more

Hi,   As admin of several PSAs, I also had many complains from my users. After we apply method #1 of KB43833 the complains drooped significatly.   Excluding bad capacity management on VPN servers or bad management in general, at client side there also many other places to search for issues: CPU consumption - encryption is computationaly heavy, so if your CPU is already overloaded, VPN traffic will drop Buggy Wifi Drivers - Not always the lattest wifi drivers is the best option Then, you also need to check, if your traffic will use web proxy or not.   If you are using an ISP, remember they also apply network traffic engineering (or traffic shapping if you like).   At this moment, in my home, I get this download (upload) speeds using Wifi: WithOut VPN: 42Mbps (10Mbps) With VPN: 39Mbps (8Mbps) In Linux, using ESP, via speedtest.net servers.   Is this software perfect: no. I just want to raise awareness about other places there the problems can arise.   In the end I just wish that PS: remove legacy stuff for SRX from PDC. If some clients need it, have a special version for them, or add a switch to install legacy stuff if needed, and not to everybody; have some way to test throughput against VPN server with and without tunnel ... View more

Today I've upgraded from 9.1R7 to 9.1R8.1 without problems.   Reading the release notes I see this information   PSA-Vs cannot be upgraded to 9.1R8.1 without a core license installed. Follow these steps to upgrade to 9.1R8.1: 2. If PSA-V is running 9.0Rx or later: d. Install Core license through Authcode. e. Upgrade to 9.1R8.1. ... View more

Hi @amjad.ra2,   From what you show, it is taking more or less 2 seconds, which is not so bad. When in logs it shows Time Taken:770.898 It means it took 0.770898 seconds to run.   So, the problem could be in other place, as [email protected] mentioned, so also check logs of AntiVirus and AntiSpyWare software.   Check all debuglog file (3rd column), and see where is taking more time, if needed, increase (just for testing) the logging to detailed.   Meanwhile, you should open a case in PS, because it can be a problem mixing all those tests.   Best Regards, Flip ... View more

Hi Mistouf,   I do not have a answer for you. Just to add some information which can help.   In the past I had issues to upgrade a vPSA because I didn't had a valid license, but is not the same error. In my case it gave a explicit error:   Step9: Virtual Appliance doesn't have platform license to continue... I've some vPSA with 9.1R7. I didn't try upgrade to 9.1R8.     ... View more

Hi CharlesP,   I've already request PS to develop that kind of metrics to help in cleaning the configurations. If you want, ask your SE to push for this change request   CSC-I-603 Provide usage data on REALM, Role & VPN Access Control.   The best option to disable a role, is to remove it from role mapping. For the realm, just remove it from realms available or disable the signin page.   ... View more

Hi pquiroga,   Usually I've the opposite results, lousy throughput in windows and great throughput in ubuntu.   It is the same physical computer with windows and ubuntu?   Are the same cypher suites used? (check in Advanced Connection/Status Details).   Chers, ... View more

Hi amjad.ra2,   First you can check debuglog.log file and search for messages from OpswatImcColData It will give times (in ms) of was the time each policy takes to evaluate.   Example 'OpswatImcColData' Result of Antivirus data to monitor(Successfully called: CheckRTPState : Time Taken:23.8515, Successfully called: GetDataFileTime : Time Taken:10.7346, Successfully called: GetDataFileVersion : Time Taken:10.5312, Call failed: GetDataFileSignatures : Error Desc : Not supported, Call failed: IsUpdateInProgress : Error Desc : Not supported, Successfully called: IsFullScanInProgress : Time Taken:263.504, ) Regarding the timming, you can not have a rule of thumb for that, because it is heavly influenced by resources consumption in the client machine and by the caching mechanisms of pulse secure.   I'm doing tests for active patch policies, and depending of the end user computer and day, I've results as you, it fails by time out, other times, minutes to complete, other times just few seconds.   Chers, ... View more

Hi [email protected],   The server id is bound to 02XXXXXX ive "3d26173a-xxx-xxxx-xxxx-9a56ab576ac9" { server-id: "02XXXXXX" } After manually change the machine settings to true, it start working as expected. machine "settings" { dynamic-connection: "true" } Now is just a matter of fine tunning the configuration in the master PCS.   Thanks ... View more

I also would like to know how we can use that kind of authentications with PCS. ... View more

This feature was not deprecated, just wasn't working as expected and not documentated in newer releases.   At least in version 9.1R7, this features is working again, check PRS-382777.   In new documentation, it is not documented how this works, but take care, because as in release 7.4, client IP is just showed in 3 message IDs   AUT24326 (user and admin login) AUT20919 (user roaming) ADM22896 (admin roaming) and do not substitute sourceip variable.   The new AUT24326 should have the text Primary authentication successful for <user>/<auth server> from <LB IP> forwarded for <client IP>     ... View more

https://brand.pulsesecure.net/imagery/visio-stencils/ ... View more

I do not know other way in PCS, besides configuring manually network ranges in User Realms > Desktop > Authentication Policy >Source IP   But, if someone wants to connect to your server with a compromised account, She/he can create a VM in some cloud provider and use it "attack" you. ... View more

Article KB21481 explains how MTU is calculated. ... View more

It does allow, I'm using tcp in a non standard port   Also, there is some bug fixed because of this feature. https://www-prev.pulsesecure.net/download/techpubs/current/1419/pulse-connect-secure/pcs/8.3rx/ps-pcs-sa-8.3r7-releasenotes.pdf And search for syslog. ... View more

60k ACL is total number of tunnels established, not per user :)   My experience, says until 120k, there is no big problem :) ... View more

I can not connect to management interface, but I use internal interface to manage it. ... View more